/* Microsoft Reference Implementation for TPM 2.0
 *
 *  The copyright in this software is being made available under the BSD License,
 *  included below. This software may be subject to other third party and
 *  contributor rights, including patent rights, and no such rights are granted
 *  under this license.
 *
 *  Copyright (c) Microsoft Corporation
 *
 *  All rights reserved.
 *
 *  BSD License
 *
 *  Redistribution and use in source and binary forms, with or without modification,
 *  are permitted provided that the following conditions are met:
 *
 *  Redistributions of source code must retain the above copyright notice, this list
 *  of conditions and the following disclaimer.
 *
 *  Redistributions in binary form must reproduce the above copyright notice, this
 *  list of conditions and the following disclaimer in the documentation and/or
 *  other materials provided with the distribution.
 *
 *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
 *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
 *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#include "Tpm.h"
#include "PolicyAuthValue_fp.h"

#if CC_PolicyAuthValue  // Conditional expansion of this file

#include "Policy_spt_fp.h"

/*(See part 3 specification)
// allows a policy to be bound to the authorization value of the authorized
// object
*/
/*
tpm2_policyauthvalue(1) - Enables a policy that requires the object's authentication passphrase be provided. 
This is equivalent to authenticating using the object passphrase in plaintext or HMAC. It enforces it as a policy. 
It provides a mechanism to allow for password authentication when an object only allows policy based authorization,
ie object attribute "userwithauth" is 0.

Tpm2_policyauthvalue (1)-启用需要提供对象身份验证口令的策略。这相当于在明文或 HMAC 中使用对象密码短语进行身份验证。
这是一项强制性的政策。它提供了一种机制，允许在对象只允许基于策略的授权时进行密码身份验证，即对象属性“userwithauth”为0。

当对象属性为 userwithauth 时，只能允许进行策略授权，但是又需要验证密钥，此时可以使用 tpm2_policyauthvalue， 在策略授权中插入密码身份认证。

This command allows a policy to be bound to the authorization value of the authorized entity.
When this command completes successfully, policySession→isAuthValueNeeded is SET to indicate that 
the authValue will be included in hmacKey when the authorization HMAC is computed for the command 
being authorized using this session. Additionally, policySession→isPasswordNeeded will be CLEAR.
NOTE If a policy does not use this command, then the hmacKey for the authorized command would only 
use sessionKey. If sessionKey is not present, then the hmacKey is an Empty Buffer and no HMAC would 
be computed.
If successful, policySession→policyDigest will be updated with policyDigestnew ≔ HpolicyAlg(policyDigestold || TPM_CC_PolicyAuthValue)

此命令允许将策略绑定到授权实体的授权值。
当此命令成功完成时，设置 policySession→isAuthValueNeeded 以指示在为使用此会话授权的命令计算授权 HMAC 时，authValue 将包含在 hmacKey 中。 
此外，policySession→isPasswordNeeded 将为 CLEAR。
注意 如果策略不使用此命令，则授权命令的 hmacKey 将仅使用 sessionKey。 如果 sessionKey 不存在，则 hmacKey 是一个空缓冲区，并且不会计算 HMAC。
如果成功，policySession→policyDigest 将更新为 policyDigestnew ≔ HpolicyAlg(policyDigestold || TPM_CC_PolicyAuthValue)

*/
TPM_RC
TPM2_PolicyAuthValue(
    PolicyAuthValue_In  *in             // IN: input parameter list
    )
{
    SESSION             *session;
    TPM_CC               commandCode = TPM_CC_PolicyAuthValue;
    HASH_STATE           hashState;

// Internal Data Update

    // Get pointer to the session structure
    session = SessionGet(in->policySession);

    // Update policy hash
    // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyAuthValue)
    //   Start hash
    CryptHashStart(&hashState, session->authHashAlg);

    //  add old digest
    CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);

    //  add commandCode
    CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);

    //  complete the hash and get the results
    CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);

    // update isAuthValueNeeded bit in the session context
    session->attributes.isAuthValueNeeded = SET;
    session->attributes.isPasswordNeeded = CLEAR;

    return TPM_RC_SUCCESS;
}

#endif // CC_PolicyAuthValue